Shady links, questionable emails, pirated videos, and … the Google Play Store?
Malware authors have long used any and all tools at their disposal to trick victims into downloading malicious software, but the latest app-powered botnet uncovered by researchers in early August makes it clear that even marquee sources like Google may not be as secure as initially thought.
Dubbed WireX by security researchers, the latest online threat targeted Android phones and hid behind approximately 300 different apps that could all be downloaded via the Google Play Store. According to Krebs on Security, once downloaded, the software — which masqueraded as legitimate programs like ringtones and video players — roped a user’s phone into a large botnet that was harnessed to launch distributed denial-of-service attacks against websites.
Conservative estimates put the number of infected Android systems at 70,000, although researchers say it could actually be much higher. Let’s be real, that’s pretty bad. It’s even worse that those devices were potentially used to power a criminal enterprise all because their owners decided to download something via a Google distribution service.
The Mountain View-based company, upon discovery of the compromised apps, moved quickly to remove them from the Play Store. “We identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we’re in the process of removing them from all affected devices,” a spokesperson told Mashable via email. “The researchers’ findings, combined with our own analysis, have enabled us to better protect Android users, everywhere.”
And that’s welcome news. However, just because the WireX malware no longer has a distribution home on Google Play doesn’t mean we’re all free and clear. This could happen again.
“What we find very often in this space is that when a new type of event or attack takes place it provides a playbook for the other bad actors,” Gary Davis, the Chief Consumer Security Evangelist at McAfee, wrote over email. “We expect that we could see more of these botnets show up in the future if cybercriminals continue to be successful.”
Notably, Davis doesn’t see this same level of danger for Apple’s App Store — meaning it’s Android users in particular who are at risk. Why? Well, according to Davis, the Google Play Store is in some sense a victim of its own success.
“While Apple has been very successful in selling the iPhone, Android has more phones out in the market which makes it a bigger target for cybercriminals,” Davis noted. “Also, Android is distributed across numerous carriers and manufacturers, which makes it more challenging to provide updates across its user base. This can lead to many consumers using older Android operating systems that could leave them susceptible to an attack.”
While Android users may be at a greater risk for mistakenly downloading malware than iPhone owners, both groups can take steps to protect themselves. Davis emphasized that reading app reviews is an easy way to see if anything appears fishy, and that when in doubt simply don’t download.
Truthfully, as malware creators continue to find new and creative ways to spread their wares, this is solid advice for anyone with a smartphone — especially individuals who rely on Google Play.
“The growth in mobile has made it a lucrative target for the bad guys,” Davis cautioned, “and we expect to see more of these attacks and other types of attacks in the future as cybercriminals continue to realize success.”
So buckle up. This app-based malware ride is far from over.